Cybersecurity in a Post-Pandemic World

Cybersecurity challenges posed to the financial services industry and related organizations in the post-pandemic world

Skandashield
Apr 1, 2021

The global COVID-19 pandemic has shocked our lifestyles and systems, forcing us to rethink and redefine long-held beliefs and practices about how we work and conduct our lives on a day-to-day basis. It has brought global-scale change at unimaginable speed: multiple decades' worth of disruption has happened in weeks and days, forcing individuals, industries, families/communities, businesses, governments, and countries

The financial services industry in particular is changing drastically to adapt as this becomes the new normal: changed consumer expectations, mobile-first and cloud-first digitalization with staff working from home (WFH), and remote management of IT and processes in financial functions all happened overnight, and all of these increase cyber-risk multifold. The profound shift from physically located branches, offices, and data-center-based applications to completely online, easy-to-use, customer-centric technologies accessed from gadgets like mobile phones, tablets, and laptops has opened up new vulnerabilities across the spectrum.

Organizations are adopting cloud-first and mobile-first digital transformation journeys faster, which makes financial institutions vulnerable and attractive targets for hackers and cyber-criminals, who treated the global pandemic as a lifetime opportunity to join a gold rush. State and non-state threat actors are exploiting this unique pandemic environment to prey on a remote, vulnerable global workforce, and an overall lack of organization-wide understanding of the new security controls, performance, and risk mitigation required in the new operating environment has added extra vulnerabilities.

Changes required at an Organization level


To ensure a secure operating environment, CXOs, CISOs, and IT security teams need to revisit their strategies with the following key points in mind: overall network and data transmission security, end-to-end encryption of data at rest and on the network, and real-time AI-based threat monitoring and prevention. Beyond IT system vulnerabilities, remote working and endpoint management functions are a big worry because customers and vendor partners use them heavily. Cybersecurity, IT, and business staff therefore need to be trained from time to time through upskilling and reskilling, awareness needs to be created across all levels, and additional security measures need to be deployed in the organization's own environments as well as in customers' environments.

The measures required:
Continuous training of all staff members, based on their roles and responsibilities, on the real-world implications of security threats, and awareness programs tailored to each user base on how to apply best practices in day-to-day work.

Post-pandemic reskilling of the workforce with relevant skills
CXOs and CISOs need to go back to the drawing board and reassess the organization's security across the three authentication factors: what you are (such as biometrics), what you know (such as passwords), and what you have (SecurID and RSA tokens, OTPs). 2FA (two-factor authentication) is no longer enough given its susceptibility to being broken by threat actors, so financial institutions need to completely rethink all three methods, and any changes need to be made without taking away from a frictionless user experience.

Enabling security best practices across the organization is key to implementing any new strategy, such as moving applications and data into a private data center, public cloud, or hybrid cloud setup, together with options such as voice-based authentication, biometric methods, secure facial recognition and iris-based authentication, number grids on debit and credit cards or digital cards with OTP, and QR-code-scan-based UPI payment methods. Customer awareness and education should be the underlying foundation for any security-enhancing measure. Vendors and partners need to be educated, well trained, and audited for compliance on a periodic basis to maintain high security and enable multi-factor authentication (MFA). Solutions that blend existing and new technologies look very promising, cost-effective, and easy to implement.

Advanced Emerging Technologies Adoption


Adopting artificial intelligence (AI) helps solve many day-to-day problems, from a clean environment, education, and financial transactions to advanced cancer cures and advanced cybersecurity research and development. Machine learning (ML) and deep learning (DL) technologies have tremendous potential for preventing and protecting against cyberattacks. AI helps with fraud detection and mitigation by using real-time transactions, behaviors, background verification, and historical analysis with future projections and extrapolations, all in a matter of milliseconds. AI-based technologies can proactively detect transactions that do not fit the usual patterns, and they can be deployed on critical transactions through value-based or volume-based assessment, securing the robustness of the financial industry.
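
To make the value-based and volume-based assessment concrete, here is an added example that is not from the original article. It uses a simple per-account statistical baseline (median and MAD) as a stand-in for a trained model; the account names, amounts, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample data (not from the article): past amounts per account.
HISTORY = {
    "acct-A": [42.0, 55.5, 38.0, 61.0, 47.25, 50.0, 44.0],
    "acct-B": [1200.0, 1150.0, 1300.0, 1250.0, 1180.0],
}
STREAM = [  # constructed live feed: (timestamp_s, account, amount)
    (0, "acct-A", 52.0), (120, "acct-B", 1225.0), (300, "acct-A", 4800.0),
    (3600, "acct-B", 1190.0), (3630, "acct-B", 1210.0), (3660, "acct-B", 1175.0),
    (3690, "acct-B", 1240.0), (3700, "acct-C", 20.0),
]

def mad_baseline(amounts):
    """Return (median, median absolute deviation); robust to a few outliers."""
    m = median(amounts)
    return m, median(abs(a - m) for a in amounts)

def score_stream(history, stream, z_limit=3.5, window_s=600, max_in_window=3):
    """Flag transactions whose value or volume departs from the account's pattern."""
    baselines = {acct: mad_baseline(a) for acct, a in history.items()}
    recent = defaultdict(deque)  # account -> timestamps still inside the window
    alerts = []
    for ts, acct, amount in stream:
        reasons = []
        if acct not in baselines:
            reasons.append("no-baseline")  # nothing to compare against: review
        else:
            m, mad = baselines[acct]
            if mad == 0:
                z = 0.0 if amount == m else float("inf")
            else:
                z = 0.6745 * abs(amount - m) / mad  # modified z-score
            if z > z_limit:
                reasons.append("value")
        q = recent[acct]
        q.append(ts)
        while ts - q[0] > window_s:  # drop timestamps older than the window
            q.popleft()
        if len(q) > max_in_window:
            reasons.append("volume")
        if reasons:
            alerts.append((ts, acct, reasons))
    return alerts
```

The thresholds are illustrative; in production they would be tuned per customer segment against labelled fraud data, and an unknown account would be routed to review rather than silently passed.
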
Blockchain or distributed ledger technologies show a lot of potential in the financial services domain, especially cryptographic distributed ledgers that hold a log of transactions stored across multiple computers in a network. Because blockchains are distributed and immutable, the data is protected and resistant to cyber-attacks, and each transaction carries metadata with a timestamp, creating certainty of execution.
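
What "distributed and immutable" means for a defender, as an added example that is not from the original article: a hash-chained log exposes an in-place edit on verification, while a full rewrite of one copy is only caught by comparing it against the other replicas. The entry layout, function names and sample transactions are constructed assumptions, and consensus and signatures are left out.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # stand-in "previous hash" for the first entry

def entry_hash(prev, ts, tx):
    """SHA-256 over the previous hash, the timestamp and the transaction."""
    body = json.dumps({"prev": prev, "ts": ts, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger, ts, tx):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "ts": ts, "tx": tx, "hash": entry_hash(prev, ts, tx)})

def first_invalid(ledger):
    """Index of the first entry that breaks the chain, or None if it verifies."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(e["prev"], e["ts"], e["tx"]):
            return i
        prev = e["hash"]
    return None

def rewrite_from(ledger, index, tx):
    """Model a tampered copy: one entry changed, every later hash recomputed."""
    tail = [(e["ts"], e["tx"]) for e in ledger[index:]]
    del ledger[index:]
    tail[0] = (tail[0][0], tx)
    for ts, t in tail:
        append(ledger, ts, t)

def divergent_replicas(replicas):
    """Indices of replicas whose head hash differs from the majority head."""
    heads = [r[-1]["hash"] for r in replicas]
    majority, _ = Counter(heads).most_common(1)[0]
    return [i for i, h in enumerate(heads) if h != majority]

def demo():
    """Constructed three-node ledger; returns the result of each check."""
    ledger = []
    for ts, tx in [(1617235200, {"from": "A", "to": "B", "amt": 100}),
                   (1617235260, {"from": "B", "to": "C", "amt": 40}),
                   (1617235320, {"from": "C", "to": "A", "amt": 5})]:
        append(ledger, ts, tx)
    nodes = [copy.deepcopy(ledger) for _ in range(3)]
    nodes[0][1]["tx"]["amt"] = 4000  # in-place edit, stored hashes untouched
    edited = first_invalid(nodes[0])
    rewrite_from(nodes[2], 1, {"from": "B", "to": "C", "amt": 4000})
    return edited, first_invalid(nodes[2]), divergent_replicas(nodes)
```

The rewritten copy verifies on its own, so the integrity guarantee depends on independent replicas (or an externally anchored head hash), not on the chaining alone.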

Regulations and Regulators:


Financial industry regulators are paying increasing attention to cybersecurity and the threats cyber-criminals pose, renewing the focus on technology risk management and broadening the types of incidents that financial institutions must report and mitigate to satisfy security regulations. Financial institutions are losing a whopping $18bn per annum to identity fraud alone, according to Javelin Strategy & Research. In Dec 2020, the US regulator, the Federal Reserve, proposed new rules under which financial institutions are required to notify their primary regulator of data breaches and interruptions in service no later than 36 hours after identification.

Regulators recommend that financial institutions adopt cutting-edge, well-tested technologies to prevent cybercrime. The latest SolarWinds software-based hacking saga, which affected several US government departments, including the home and highest office of the president and the agency in charge of the USA's nuclear weapons stockpile, has shown us the level of vulnerability of even the most protected data assets managed by security agencies. These incidents are compelling financial institutions to intensify their consideration of risks in their digital technology landscape and to take proper mitigation measures on their digital transformation journey. It has become clear that cybersecurity has no final destination; it is a continuously evolving space that every organization needs to work on.
